Before Getting Rid of Your Old Printer, Say “Goodbye” to Lingering Data

/in /by

https://safr.me/webinar/  | Robert Siciliano is the #1 Security Expert in the United States with over 25 years of experience! He is here to help you become more aware of the risks and strategies to help protect yourself, your family, your business, and your entire life. Robert brings identity theft, personal security, fraud prevention and cyber security to light so that criminals can no longer hide in the dark. You need to be smarter than criminals yesterday so that they don’t take advantage of you today! If you would like to learn more about Security Awareness, then sign up for Robert’s latest webinar!

_______

In the security business, there’s a lot of talk about protecting your smartphones and computers from malware and viruses, as well as loss and theft. It makes sense. Most of us use our smartphones and computers on a daily basis and keep important information on them like passwords, user names, and credit card numbers. But there are other devices that hold sensitive data that we don’t really talk about. For example, printers.

http://www.dreamstime.com/royalty-free-stock-image-keyboard-recycle-button-green-white-icon-image35645776Some printers have internal hard drives or flash memory that store documents that have been scanned. This means that images of your pay stub, medical records, credit card statements, or any other sensitive documents you once scanned are stored in the printer’s memory and therefore retrievable by someone who knows where to look for it.

Because these hard drives are usually hard to find, they are usually not removed before a printer is resold or recycled. That can be bad news for you if your printer gets into the wrong hands.

If your printer is nearing the end or you are upgrading to a new printer, make sure you delete that important data off your old printer.

How do you get rid of your printer’s data? There are multiple ways.

  • Unplug your printer for a while. This will delete data if there’s no local storage. Check your printer’s  user guide to see how long to leave your printer unplugged until the data is removed.
  • Clear the direct email function. If your printer has this feature, make sure to delete your password before getting rid of the printer.
  • Wipe the disk drive. If your printer has a disk drive feature, use the wipe disk to make sure your data is not accessible by others.
  • Destroy the hard drive. If you decide to trash a printer rather than reselling it, take it apart and find the hard drive. Remove it and hammer it. But remember, safety first. Make sure you wear those safety glasses.

Follow these tips and sell or recycle your printer with peace of mind, knowing that nobody will be able to retrieve your personal information.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Healthcare Providers Gaining Trust by Marketing Security

/in /by

You’ve surely heard of “B2B” or business-to-business marketing. The new game plan is “B2C” – business to consumer marketing, particularly in the healthcare industry. The Affordable Care Act allows healthcare organizations to directly deal with consumers on a massive scale for the first time. However, this comes with some challenges, namely, how to effectively reach potential consumers and differentiate their organization from the competition.

3DOrganizations must take notice that potential enrollees aren’t just concerned about cost and coverage, but two less apparent concerns: privacy and security.

Consumers want reassurance that their data is protected. They can’t get all the data breach fiascos out of their mind. According to the TRUSTe 2014 U.S. Consumer Privacy Report, 92 percent of U.S. Internet users are worried about their online privacy. Of these, 47 percent are frequently worried.

So even though a potential enrollee may have complete faith in your service and reputation, they may be unnerved by the pathways of information exchange: the Internet, mobiles, wireless networks, computers. They know that their personal health data is out there in “space,” up for grabs.

If you want strong enrollment numbers and loyal customers, you must put the consumer’s concern for the protection of their personal health information at the top of the priority list. No way around this. If consumers don’t get assurance from you, they won’t stick around for it; they’ll take their business elsewhere.

So what will you do to put consumers’ apprehension at ease? One way to accomplish this is to facilitate a security and privacy program to ease consumer anxiety.

AllClear ID provides the following guidelines for healthcare insurers and providers:

  • Continue to use state-of-the-art IT techniques to secure cloud services, access points, databases and mobile devices; and to better monitor systems for breaches.
  • Improve security of corporate devices and employees’ personal mobile devices used for work.
  • Enhance employee training at all levels to decrease errors, improve device security and ensure HIPAA compliance. Also train employees around how to comfortably talk to customers about how their data will be protected.
  • Institute an identity protection program for enrollees to make them feel safe signing up with you and reduce the pain if there is a breach.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures

Big ISP free Wi-Fi hazardous to your Data Health

/in , /by

Beware of “Free Wi-Fi” or “Totally Free Internet,” as this probably IS too good to be true. These are likely set up by thieves to trick you into getting on a malicious website.

3WAT&T and Xfinity have provided many free hotspots for travelers to get free Wi-Fi: all over the country. Sounds great, right? However, these services make it a piece of cake for thieves to gain access to your online activities and snatch private information.

AT&T sets mobile devices to automatically connect to “attwifi” hotspots. The iPhone can switch this feature off. However, some Androids lack this option.

Cyber thugs can set up fake hotspots called “evil twins”, which they can call “attwifi,” that your smartphone may automatically connect to.

For Xfinity’s wireless hotspot, you log into their web page and input your account ID and password. Once you’ve connected to a particular hotspot, it will remember you if you want to connect again later in that day, at any “xfinitywifi” hotspot and automatically get you back on.

If someone creates a phony WiFi hotspot and calls it “xfinitywifi,” smartphones that have previously connected to the real Xfinity network could connect automatically to the phony hotspot—without the user knowing, without requiring a password.

None of this means that security is absent or weak with AT&T’s and Xfinity’s networks. There’s no intrinsic flaw. It’s just that they’re so common that they’ve become vehicles for crooks.

Smartphones and Wi-Fi generate probe requests. Turn on the device’s WiFi adapter. It will search for any network that you’ve ever been connected to—as long as you never “told” your device to disregard it. The hacker can set the attack access point to respond to every probe request.

Your device will then try to connect to every single WiFi network it was ever connected to, at least for that year. This raises privacy concerns because the SSIDs that are tied with these probe requests can be used to track the user’s movements.

An assault like this can occur at any public WiFi network. These attacks can force the user to lose their connection from their existing Wi-Fi and then get connected to the attacker’s network.

Two ways to protect yourself:

#1 Turn off “Automatically connect to WiFi” in your mobile device, if you have that option.

#2 the best way to protect and encrypt all your data in your laptop, tablet, or mobiule is via Hotspot Shields software to encrypt all your data even if you automatically connect to a free WiFi.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

8 Ways to bullet proof your Social Accounts

/in /by

There are ways to keep the hackers at bay—for the most part, anyways, since no protection is 100 percent efficient.

14D#1 Password protect.

A device lost or stolen puts all your accounts at risk. Even simply placing your devices on your desk, they can be accessed by a nosy spouse, contractor or baby sitter, putting your accounts at risk. All of your devices should be protected by a password or some kind of passcode, and set to lock up or hibernate after a certain period of inactivity. The lock can be a fingerprint or even a picture password.

Even if you’re the only person who uses your device, having a password is very important because you never know when someone may be able to abscond with your device, then pose as you in your Facebook account.

#2 Log out.

Setting your device to automatically get you onto a social media site eliminates the hassle of having to enter your username and password every time you want to visit the site. However, if the wrong person gets ahold of your computer, mobile or tablet, that person can easily get into your social media accounts. Log out.

#3 Remove apps you don’t use.

If your accounts like Facebook and Twitter are linked to a bunch of third-party apps and services that have accumulated over time, sift through these and knock out the ones you don’t use.

Each third-party app has the potential to act as a portal to hackers. In fact, every so often, go through these to weed out ones you don’t need anymore. Even legitimate applications can open doors of opportunity to hackers because their databases can become infiltrated.

#4 Two-step Verification.

With this, the login process has an extra step if you sign in on a different device. This means that crooks can’t get on with only your password and username. They need the extra code of two-step.

For instructions on how to set this up for social media, here are some common sites that provide them: Facebook, Twitter, Google, Gmail, Tumblr, Dropbox

#5 Don’t get reeled in.

Don’t blindly click on links in e-mails or instant messenger programs! Even if the link comes from a sender you know, that “sender” could actually be a fake sender line generated by a hacker.

Contact the person separately in a new e-mail and ask if they sent you a link. If the link is from a business, go to the business’s site rather than clicking its alleged link in your e-mail.

Though Web browsers and e-mail programs can spot these “phishing” attacks, they miss some; just don’t click on links inside an e-mail.

#6 Encrypt internet connections.

Whenever connecting to any critical account make sure the page you are connecting to is HTTPS, which the “S” makes it a “secure” page. Otherwise on open unsecured, unencrypted wireless, connect only using security software such as Hotspot Shield which encrypts all your wired and wireless communications.

#7 Easy Passwords.

The easier a password is for you to handle and remember, the easier it is for a hacker to crack. Stop using “princess” and 123456 as your passwords. Use a gibberish of characters that have no pattern and do not use words that can be found in a dictionary.

A password manager can help you manage a ton of passwords. Use different passwords for all of your accounts and include upper and lower case letters.

#8 Beef up password resets.

Review the social network’s password reset procedure. See if there are other measures they offer for restoring a hacked account, and get those activated. An example would be Facebook’s Trusted Contacts feature.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

I’ve been hacked, now what?

/in /by

You’re not special; a hacker CAN get into your computer or smartphone. Would you know how to clean up this mess?

4DStart by locating the portal through which the hacker got in such as a browser, emal program. Next, disconnect/uninstall this gateway from the Internet so it doesn’t invade other systems.

Check for suspicious activity by looking at your Activity Viewer or Task Manager. Check the CPU usage—if it spikes, you can have a better chance of spotting malicious activity. In fact, get familiar with how your device runs so that you know what’s normal and what’s not.

Once you’ve snipped access from the hackers, assess their damage.

  • Bring up to date your antivirus and anti-malware systems. If any protection system is disabled, enable it. Do a full system scan—using both systems.
  • Remove anything that doesn’t look right. Various malware scanners will locate bad things, but those bad things will continue downloading if there’s a browser plugin or extension. So take a keen look at all the small items that you’ve downloaded.
  • Change all of your passwords. Make them long and unique.
  • After that, log out of every single account. This will force the hackers to figure out your new passwords.
  • Clear out all cookies, the history and cache in your browser.
  • You may still not be out of the woods at this point. Keep an eye out for suspicious e-mails, new addresses in your account and other phantom activities.
  • If things are still going awry, wipe the hard drive and then reinstall your operating system. But first back up all of your data!

Prevention

  • Have a firewall, and one that’s properly configured.
  • Do not click links inside of e-mails, even if the sender’s address is one you know.
  • Do not open attachments from senders you don’t know or from someone you DO know but would never have a reason to send you an attachment.
  • Delete e-mails with urgent-sounding subject lines or claims you won a prize or inherited money.
  • Have both antivirus and anti-malware applications. They are not one and the same but may be packaged together.
  • Know what your security holes are.
  • Can’t be said enough: Make sure all of your passwords are very strong.
  • Keep your operating system and everything else up to date.
  • If you’re on public Wi-Fi, be extremely cautious. Use Hotspot Shield to encrypt your activities. A Wi-Fi with a password doesn’t mean it’s safe.
  • Never let your device out of your sight. Never. If you think you’ll ever need to leave it unattended, first equip the operating system with a lock and strong password.
  • Back your data up routinely.
  • Your device should have a remote wipe option so that you can eradicate data should someone steal the device.
  • Be very cautious about what you share online. Your computer may have all the bells and whistles of security, but all it takes is one lapse in judgment to let a hacker in, such as falling for some Facebook scam claiming you can watch a video of the latest commercial airliner crash caught on tape.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Russian Organized Crime: Krem D’la Krem of Hackers

/in , /by

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

11DAnd these Russians didn’t discriminate: Any website they could bust into, they did, ranging from big U.S. companies to little websites—anything. Most of these sites remain vulnerable.

Apparently, the thieves are not working for Russia’s government (which rarely goes after hackers anyways), nor have they sold the stolen information…yet. They’ve been paid by third-party entities who want to send out spam.

This gang of thieves operates like a business, with some doing the programming and others doing the stealing. The crooks use botnets to scope a site’s weaknesses, then plow in there.

This massive breach has called attention to the reliance that businesses have on usernames and passwords; this will need to be changed.

Tips for Preventing Getting Hacked

  • Say NO to clicking on links inside e-mails, even if the apparent (note “apparent”) recipient is your bank or a friend.
  • URL security. Trust only sites whose URL starts with a padlock icon and “https.” An “http” won’t cut it.
  • Two-step verification. If your financial institution offers this, then activate it. Call the bank if its website doesn’t have this information.
  • Online banking. If possible, conduct this on a separate computer just for this purpose.
  • Change the router’s default password; otherwise it will be easy for hackers to do their job.
  • Wired ethernet link. This is better than a powerline or Wi-Fi for protection. To carry out an ethernet attack, the thief would probably have to break into a home and set up a device, whereas Wi-Fi data can be snatched out of the air, and powerline data can leak into next-door.
  • Encryption. If you must use Wi-Fi or powerline networks, encryption will scramble data, but a hacker can crack into Wi’Fi’s WEP.
  • Say no to third-party Wi-Fi hotspots.
  • Security updates. Keeping up to date will guard against hackers who use a keylogger to figure out your keystroke pattern—which can tell him your passwords.
  • Hotshot Shield; This service protects you from fraudulent activity when you’re working online in an unprotected network (wired or wireless), such as at airports, hotels or coffee houses.
  • Get identity theft protection. Generally your identity is protected from new account fraud. Many of the services monitor your data on the dark web.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

15 ways to prevent Travel related Identity Theft

/in /by

See if you’ve been employing the safeguards below to protect your identity while traveling.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813#1 Put snail mail on hold.

Crooks love to scavenge through overflowing mail boxes to seek out personal information to steal an identity. Prevent this by arranging the postal service to put a stop on your mail.

#2 Clean up, thin out.

It’s been said that the laws of physics are defied when a woman empties her purse. Before traveling, dump out anything and everything: drug prescriptions, old memos, business cards, even expired documents. A thief could use this information to steal your identity.

#3 Be cautious with public computers.

A public computer is a very fertile area for identity theft, and this includes the computer in your hotel’s lobby. Never save passwords or use the auto-save function for forms. When you’re done, delete the search history. Never visit your financial institutions’ sites either.

#4 Wireless means watch out.

Free public Wi-Fi means anyone can snatch your personal information out of the air because this kind of Wi-Fi does not include encryption (which scrambles data). Use Hotspot Shield on your PC, Mac, tablet and mobile to encrypt your wireless communications.

The ability to snag your private information requires only a basic knowledge of computers plus a simple plugin, and voila—this person can spy on your browser activities. Try to use only WEP, WPA and WPA2 networks. Otherwise, visit only secure websites (they have the “https” in their address).

#5 Keep your phone number private.

Other than giving it to reps for your airline and hotel reservations, keep it to yourself. If it gets out, a fraudster could use it to pull phone scams on you.

#6 Protect your smartphone.

If your mobile device is loaded with personal information, it should have a home-screen-locking password. This can even be a fingerprint scan, depending on the model. Androids need antivirus the same as PCs do.

#7 Beware of ATMs.

ATMs can be fake or skimmers can be installed. A phony ATM kiosk can be set up on a street corner, beckoning for you. You swipe your card, and your card information is stored for later pickup by the thief who put the kiosk there.

If you must use an ATM, use a bank’s during regular business hours. Protect yourself from skimmers by blocking the keypad with your other hand as you enter your PIN. But still check your statements because keypad overlays can be installed too. Shred receipts immediately.

#8 Pay with cash.

Though stolen cash can’t be replaced, it also won’t lead to identity theft. Limit credit card use to secure payment systems found at major retail outlets and airports. Be suspicious of clerks who want to leave your visual range to swipe your credit card. And just plain don’t use a debit card when traveling.

#9 Don’t use your passport for ID.

Instead use your driver’s license or international ID. If you rely only on a passport and it gets stolen, you’ll end up in a bind you’ll never forget. Have backups of both scanned and available online.

#10 Hotel scams

Never give out private information over your hotel room’s phone, even if the caller says they’re from the front desk and need to straighten something out. Instead, deal with them at the front desk so you know it’s not a scam.

#11 Lock up valuables.

This doesn’t just mean jewelry, but use your hotel room’s safe to lock up passports, airline information, credit cards, cash and electronic gadgets unless you’re using them. Better yet, take them with you, or better still only travel with valuables you absolutely need.

#12 Review credit card statements.

Check your statements every month for unauthorized charges so that they don’t pile up.

#13 Encrypt laptop/mobile data.

When traveling with digital devices make sure to use encryption software that makes your data useless to a thief.

#14 Install tracking software.

Mobile devices should have a lock/locate/wipe software that does just that in the even your device goes mobile without you.

#15 Get identity theft protection

Both identity theft protection and a credit freeze should be used by everyone traveling or not.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Data Breaches May Result in Board Breakups

/in /by

The ripple effect continues to haunt Target: It’s expected that seven of its board of directors members may be replaced because they failed to provide effective oversight into the corporation’s data-protection risks. Boards simply need to be more proactive in safeguarding their companies against data breaches.

2DInstitutional Shareholder Services (ISS) prepared a report on the Target data breach and aftermath. The report states that Target’s board members should have been kept in the loop pertaining to protection of sensitive information and what a breach could mean to brand reputation and customer loyalty.

“The company acknowledged the need for more stringent internal capabilities to identify potential risks with less reliance on external reports which suggested the systems were robust enough,” the report says.

The report concludes that Target failed to prepare for keeping up with today’s cyber threat technology, and that this failure comes from the audit and the corporate responsibility committees.

ISS says that these committees are responsible for being in charge of risk assessment and management. This includes the risk of fraud. The inadequate oversight in these areas paved the way to the disastrous data breach.

The ISS report should be a wakeup call to board members of all businesses. Board members need to realize the importance of directing more time, energy and money toward improving security programs.

Though the dismissal of seven of Target’s total of 10 board members may seem radical, it also has a fair degree of rationale because it sends the message that boards and senior executives need to be held accountable for their company’s cyber security.

Boards need to be practically fused with their organization’s IT experts and executive team so that they have an intimate knowledge of the steps a company is taking to protect customer information—even if none of the board members are security experts. The ramifications from poor handling of a data security incident are now things that even board members must be aware of and work to prevent.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Data Breach Response Planning 101

/in /by

Don’t think in terms of “if” you’ll suffer a data breach, but rather, “when.” Once you establish this mindset, it’s time for you to develop a response plan. After all, a security system that’s impenetrable has yet to be invented.

4HWhat’s even more, an amazing number of businesses don’t even have the best security system available. So again, the data breach is a “when,” not an “if.”

For starters, a response plan should include as much information about the incident as possible, remaining transparent (consult your legal team about the types of information that should and should not be disclosed) and being aggressive at managing the circumstances.

Another area to consider when developing a response plan is how the data breach will impact customers and clients—namely, their trust in the company. The Ponemon Institute states that much of the damage from a data breach stems from the loss of customer trust in the company.

Though the average number of customers who vanish following a data breach came in at 4 percent, says the study, there are enterprises that see an average “customer churn” rate of 7 percent. While it may seem small, it will undoubtedly be noticeable when it comes to the bottom line, , and the healthcare and pharmaceutical industries are just the type to suffer this degree of loss.

So how can a company prepare to retain as many customers as possible following a data breach? Be prepared, and this preparation should include a way to stay level-headed.

One way to stay cool and collected is to avoid jumping the gun when the breach occurs, because if the business is too hasty at revealing the breach, the organization will have that much less time to respond in an efficient, optimal matter. Thus, take the time to consult with experts and gather all of the facts before reacting.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Home Invasion Task Force on high Alert

/in /by

Florida’s Collier County residents have a new fear on the block: masked home invaders. But really, they’re more like home walker-inners, because in the five reported cases, they got in via an unlocked door.

1BA task force was assembled on April 7 to figure out anything about these home invasions that began mid-February in which residents are held at gunpoint and bound. It’s not clear if these crimes are related.

But apparently, the intruders prefer occupied homes, figuring they can get a lot more this way (e.g., being directed to the safe and given the combination). And they’re quite adept at evading authorities; no details on the masked intruders are out, even though investigators are really hammering away at figuring this out, meeting every morning.

Residents are being urged to contact the sheriff’s office about suspicious activity, such as an idling car in a street, and just to trust their gut instincts about something seeming out of place.

As long as people continue leaving their doors unlocked, these invaders will continue having a field day with their crimes. Police are adamant that residents keep their doors locked, and keeping their alarms on (if they have one) even when they’re home.

Residents should consider putting valuables in a safe-deposit box located at their bank, and put up security cameras, a proven deterrent to home invasions and burglaries.

Thus far, compliant occupants of the invaded homes have not been harmed, but one who tried to escape was injured enough to require hospitalization. The task force won’t give up until the perpetrators are stopped.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.